<!doctype html>


<html>
<head>
  <link rel="shortcut icon" href="static/images/favicon.ico" type="image/x-icon">
  <title>safe.js (Closure Library API Documentation - JavaScript)</title>
  <link rel="stylesheet" href="static/css/base.css">
  <link rel="stylesheet" href="static/css/doc.css">
  <link rel="stylesheet" href="static/css/sidetree.css">
  <link rel="stylesheet" href="static/css/prettify.css">

  <script>
     var _staticFilePath = "static/";
     var _typeTreeName = "goog";
     var _fileTreeName = "Source";
  </script>

  <script src="static/js/doc.js">
  </script>


  <meta charset="utf8">
</head>

<body onload="grokdoc.onLoad();">

<div id="header">
  <div class="g-section g-tpl-50-50 g-split">
    <div class="g-unit g-first">
      <a id="logo" href="index.html">Closure Library API Documentation</a>
    </div>

    <div class="g-unit">
      <div class="g-c">
        <strong>Go to class or file:</strong>
        <input type="text" id="ac">
      </div>
    </div>
  </div>
</div>





<div class="colmask rightmenu">
<div class="colleft">
    <div class="col1">
      <!-- Column 1 start -->

<div id="title">
       <span class="fn">safe.js</span>
</div>

<div class="g-section g-tpl-75-25">
  <div class="g-unit g-first" id="description">
    <span class='nodesc'>No description.</span>
  </div>
  

        <div class="g-unit" id="useful-links">
          <div class="title">Useful links</div>
          <ol>
            <li><a href="local_closure_goog_dom_safe.js.source.html"><span class='source-code-link'>Source Code</span></a></li>
            <li><a href="http://code.google.com/p/closure-library/source/browse/local/closure/goog/dom/safe.js">Git</a></li>
          </ol>
        </div>
</div>

<h2 class="g-first">File Location</h2>
  <div class="g-section g-tpl-20-80">
    <div class="g-unit g-first">
      <div class="g-c-cell code-label">/goog/dom/safe.js</div>
    </div>
  </div>
<hr/>


   
<br/>

  <div class="legend">
        <span class="key publickey"></span><span>Public</span>
        <span class="key protectedkey"></span><span>Protected</span>
        <span class="key privatekey"></span><span>Private</span>
  </div>









<div class="section">
  <table class="horiz-rule">


  </table>
</div>




  <h2>Global Functions</h2>





<div class="section">
  <table class="horiz-rule">


     <tr class="even entry public">
       <td class="access"></td>






  <td>
    <a name="goog.dom.safe.documentWrite"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryNamespace">goog.dom.safe.</span><span class="entryName">documentWrite<span class="args">(<span class="arg">doc</span>,&nbsp;<span class="arg">html</span>)</span>
        </span>
      </div>


     <div class="entryOverview">
       Writes known-safe HTML to a document.

     </div>


    <! -- Method details -->
    <div class="entryDetails">

      <div class="detailsSection">
        <b>Arguments: </b>






<table class="horiz-rule">
     
   <tr class="even">
     <td>
        <span class="entryName">doc</span>
        : <span>!</span><span class="type"><a href="https://developer.mozilla.org/en/DOM/document">Document</a></span>
        <div class="entryOverview">The document to be written to.</div>
     </td>
   </tr>
     
   <tr class="odd">
     <td>
        <span class="entryName">html</span>
        : <span>!</span><span class="type"><a href="class_goog_html_SafeHtml.html">goog.html.SafeHtml</a></span>
        <div class="entryOverview">The known-safe HTML to assign.</div>
     </td>
   </tr>
  </table>
      </div>
   
  
    </div>
   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_dom_safe.js.source.html#line61">code &raquo;</a>
  </td>
     </tr>


     <tr class="odd entry public">
       <td class="access"></td>






  <td>
    <a name="goog.dom.safe.setAnchorHref"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryNamespace">goog.dom.safe.</span><span class="entryName">setAnchorHref<span class="args">(<span class="arg">anchor</span>,&nbsp;<span class="arg">url</span>)</span>
        </span>
      </div>


     <div class="entryOverview">
       Safely assigns a URL to an anchor element's href property.

If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
anchor's href property.  If url is of type string however, it is first
sanitized using goog.html.SafeUrl.sanitize.

Example usage:
  goog.dom.safe.setAnchorHref(anchorEl, url);
which is a safe alternative to
  anchorEl.href = url;
The latter can result in XSS vulnerabilities if url is a
user-/attacker-controlled value.


     </div>


    <! -- Method details -->
    <div class="entryDetails">

      <div class="detailsSection">
        <b>Arguments: </b>






<table class="horiz-rule">
     
   <tr class="even">
     <td>
        <span class="entryName">anchor</span>
        : <span>!</span><span class="type">HTMLAnchorElement</span>
        <div class="entryOverview">The anchor element whose href property
    is to be assigned to.</div>
     </td>
   </tr>
     
   <tr class="odd">
     <td>
        <span class="entryName">url</span>
        : <span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span><span>&nbsp;|&nbsp;</span><span>!</span><span class="type"><a href="class_goog_html_SafeUrl.html">goog.html.SafeUrl</a></span>
        <div class="entryOverview">The URL to assign.</div>
     </td>
   </tr>
  </table>
      </div>
   
  
    </div>
   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_dom_safe.js.source.html#line85">code &raquo;</a>
  </td>
     </tr>


     <tr class="even entry public">
       <td class="access"></td>






  <td>
    <a name="goog.dom.safe.setInnerHtml"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryNamespace">goog.dom.safe.</span><span class="entryName">setInnerHtml<span class="args">(<span class="arg">elem</span>,&nbsp;<span class="arg">html</span>)</span>
        </span>
      </div>


     <div class="entryOverview">
       Assigns known-safe HTML to an element's innerHTML property.

     </div>


    <! -- Method details -->
    <div class="entryDetails">

      <div class="detailsSection">
        <b>Arguments: </b>






<table class="horiz-rule">
     
   <tr class="even">
     <td>
        <span class="entryName">elem</span>
        : <span>!</span><span class="type"><a href="https://developer.mozilla.org/en/DOM/Element">Element</a></span>
        <div class="entryOverview">The element whose innerHTML is to be assigned to.</div>
     </td>
   </tr>
     
   <tr class="odd">
     <td>
        <span class="entryName">html</span>
        : <span>!</span><span class="type"><a href="class_goog_html_SafeHtml.html">goog.html.SafeHtml</a></span>
        <div class="entryOverview">The known-safe HTML to assign.</div>
     </td>
   </tr>
  </table>
      </div>
   
  
    </div>
   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_dom_safe.js.source.html#line51">code &raquo;</a>
  </td>
     </tr>


     <tr class="odd entry public">
       <td class="access"></td>






  <td>
    <a name="goog.dom.safe.setLocationHref"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryNamespace">goog.dom.safe.</span><span class="entryName">setLocationHref<span class="args">(<span class="arg">loc</span>,&nbsp;<span class="arg">url</span>)</span>
        </span>
      </div>


     <div class="entryOverview">
       Safely assigns a URL to a Location object's href property.

If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
loc's href property.  If url is of type string however, it is first sanitized
using goog.html.SafeUrl.sanitize.

Example usage:
  goog.dom.safe.setLocationHref(document.location, redirectUrl);
which is a safe alternative to
  document.location.href = redirectUrl;
The latter can result in XSS vulnerabilities if redirectUrl is a
user-/attacker-controlled value.


     </div>


    <! -- Method details -->
    <div class="entryDetails">

      <div class="detailsSection">
        <b>Arguments: </b>






<table class="horiz-rule">
     
   <tr class="even">
     <td>
        <span class="entryName">loc</span>
        : <span>!</span><span class="type">Location</span>
        <div class="entryOverview">The Location object whose href property is to be
    assigned to.</div>
     </td>
   </tr>
     
   <tr class="odd">
     <td>
        <span class="entryName">url</span>
        : <span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span><span>&nbsp;|&nbsp;</span><span>!</span><span class="type"><a href="class_goog_html_SafeUrl.html">goog.html.SafeUrl</a></span>
        <div class="entryOverview">The URL to assign.</div>
     </td>
   </tr>
  </table>
      </div>
   
  
    </div>
   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_dom_safe.js.source.html#line116">code &raquo;</a>
  </td>
     </tr>


  </table>
</div>






      <!-- Column 1 end -->
    </div>

        <div class="col2">
          <!-- Column 2 start -->
          <div class="col2-c">
            <h2 id="ref-head">Directory dom</h2>
            <div id="localView"></div>
          </div>

          <div class="col2-c">
            <h2 id="ref-head">File Reference</h2>
            <div id="sideFileIndex" rootPath="" current="/goog/dom/safe.js"></div>
          </div>
          <!-- Column 2 end -->
        </div>
</div>
</div>

</body>
</html>
